[Samba] net rpc rights grant: NT_STATUS_ACCESS_DENIED
Ryan Suarez
ryan.suarez at sheridanc.on.ca
Tue Sep 8 17:08:16 MDT 2009
Adam Nielsen wrote:
>> Use 'net sam' to add the user in question to the BUILTIN\Administrators
>> group on your Samba host.
>>
>>> # /usr/local/samba/bin/net rpc rights grant testpc1
>>> SePrintOperatorPrivilege -U testpc1
>>> Failed to grant privileges for testpc1 (NT_STATUS_ACCESS_DENIED)
>>>
>
> Oh, so does 'net rpc' in this case connect to the local machine? i.e.
> it has nothing to do with Active Directory?
>
> I was under the impression that it modified the permissions on the
> Active Directory object, not what the local Samba instance would allow
> or deny - my apologies!
>
Well, I wasn't actually able to run the net rpc rights grant. I was
still getting the access denied errors. Instead, I just added testpc1
as a member of the local Builtin/Administrators group which has all the
rpc rights by default.
So it's still a valid question. Does net rpc rights grant for the user
edit the Active Directory object?
More information about the samba
mailing list